Mobile Money AML Challenges in Kenya have become a growing concern as the country’s mobile money ecosystem continues to expand at an unprecedented pace. Kenya’s mobile money revolution has reshaped how an entire nation moves value. Since Safaricom launched M-Pesa in 2007, mobile money services have grown from a niche experiment into core financial infrastructure. Today, registered mobile money accounts in Kenya exceed 82 million, covering roughly 82% of adults, while M-Pesa’s agent network alone processed over KSh 38.29 trillion in FY 2024–25. Globally, mobile money transactions reached $1.7 trillion in 2023, and Kenya sits at the epicentre of that growth.
But this scale introduces a core tension. Mobile money services can facilitate money laundering and terrorism financing when monitoring is weak or absent. Kenya’s role as a regional mobile money hub in East Africa means its approach to anti money laundering and countering the financing of terrorism (AML/CFT) is heavily scrutinized by bodies like the Eastern and Southern Africa Anti-Money Laundering Group (ESAAMLG) and the Financial Action Task Force (FATF). Safeguarding financial integrity while promoting financial inclusion requires careful calibration.
This article breaks down the specific AML challenges facing Kenya’s mobile financial ecosystems, the regulatory tools in play, and how RegTech providers like ZIGRAM support mobile money operators with automated controls, including name screening, transaction monitoring, and entity risk assessment, to keep pace with volumes that no manual process can handle.
Overview of Mobile Money Services in Kenya
Mobile money services refer to SIM-based digital wallets accessed via USSD codes, smartphone apps, and a vast agent network of over 380,000 locations. These mobile money platforms enable digital money transfers, merchant payments via QR codes and Paybill numbers, utility and school fee payments, government-to-person disbursements, and even microcredit or insurance products through partner integrations. In essence, mobile money provides a convenient and affordable way to conduct secure transfers and handle everyday financial transactions using mobile phones.
The market is dominated by three players: Safaricom’s M-Pesa, Airtel Money, and Telkom Kenya’s T-Kash. Each partners with commercial banks that hold escrow funds under the Central Bank of Kenya (CBK) oversight. M-Pesa alone operates nearly 300,000 agents across the country.
The impact on financial access has been transformative. Financial inclusion among Kenyan adults rose from approximately 42% in 2011 to around 90% in 2024, with mobile money as the primary driver. Countries with enabling regulations have consistently seen more active mobile money accounts, and Kenya exemplifies this. For millions who lack formal bank accounts, a mobile money account is their first-and sometimes only-link to formal financial services, including savings accounts, mobile banking services, and digital credit.
Key user segments include:
Low-income households and vulnerable populations using mobile payments for daily needs
Small business owners and MSMEs paying bills, suppliers, and employees
Rural communities where traditional banking services are absent
Diaspora remittance recipients receiving cross-border mobile money transfers
Regulatory and Institutional Framework for Mobile Money & AML in Kenya
Kenya adopted an “enabling but supervised” regulatory stance that allowed mobile money to scale rapidly while imposing AML standards. Kenya’s National Payment Systems Act (2011) regulates mobile payment systems and provides CBK with licensing and supervisory authority over non-bank payment service providers. The Proceeds of Crime and Anti-Money Laundering Act (POCAMLA) serves as the primary AML/CFT statute, requiring all reporting institutions, including mobile money operators, to implement customer due diligence, maintain records for at least seven years, and file suspicious transaction reports (STRs).
Kenya’s mobile money systems comply with AML standards set by FATF, embedded through POCAMLA and CBK guidance. The Central Bank of Kenya oversees licensing, supervision, and prudential requirements for banks, microfinance institutions, and payment service providers. Zambia’s mobile money operators must similarly hold a license from the banking regulator, illustrating how supervisory models across the region share common DNA.
Key institutional roles in Kenya’s AML architecture:
Institution | AML Role |
|---|---|
CBK | Licenses MNOs and PSPs; issues AML guidelines; supervises compliance |
Financial Reporting Centre (FRC) | Receives STRs and CTRs; conducts investigations; publishes typologies |
Communications Authority (CAK) | Oversees SIM registration and telecom identity verification |
Law enforcement / Assets Recovery Agency | Enforces seizures, prosecutions, and asset recovery under POCAMLA |
Mobile money providers must implement KYC regulations to ensure accountability. KYC procedures help prevent money laundering in mobile money services by verifying user identities at onboarding and throughout the customer lifecycle. Kenya’s engagement with ESAAMLG mutual evaluations and national risk assessments continues to shape how regulators regulate mobile money services.
Specific AML/CFT Risks in Kenya's Mobile Money Ecosystem
Kenya’s AML challenges are not theoretical. They emerge from documented typologies across East Africa involving fraud rings, corruption proceeds, and cross-border laundering and terrorist financing schemes. Mobile money services can facilitate money laundering without robust monitoring, and the structural features of the ecosystem-ubiquity, informal agency, cash intensity-create particular risks.
The scale of mobile transactions complicates the tracking of illicit funds. For context, in 2022, Tanzania recorded 4.2 billion mobile money transactions worth $54.4 billion, illustrating the staggering volumes that regional mobile money systems process. Kenya’s numbers are comparable. Criminals exploit this volume in several ways:
High transaction volumes and velocity. Millions of low-value mobile money transactions occur daily. Criminals use structuring to avoid detection through small, frequent transactions that individually fall below reporting thresholds.
Widespread agent networks. Agents can be misused as cash-in/cash-out points for layering. Agents may register multiple lines to bypass transaction limits in mobile money, creating ghost accounts for illicit flows.
SIM registration weaknesses. Multiple SIM cards, stolen or forged IDs, and SIM-swap fraud undermine identity-transaction links. Without full formal identification systems, mobile network operators struggle to verify who is behind each wallet.
Non-face-to-face onboarding. USSD and app-based registration in rural areas with limited financial literacy increases the risk of identity fraud and document forgery.
Cross-channel integration. Funds move rapidly from mobile wallets to bank accounts, SACCOs, fintech wallets, and remittance corridors, enabling layering across products.
Concrete risk scenarios observed in Kenya include the use of mobile wallets to move corruption proceeds, with mobile records later serving as critical evidence in investigations. Criminals engage in rapid, anonymous transfers using mobile payment systems to layer illicit funds before converting to cash. In the Horn of Africa context, possible use of mobile money corridors for regional terrorist financing remains a concern highlighted in financial crime and compliance assessments.
Economic informality compounds profiling challenges. Cash-heavy sectors like transport, agriculture, and small retail interface constantly with mobile money agents, making “expected behaviour” modelling extremely difficult. Unregulated mobile money platforms in the broader region are prime targets for fraud, which is why Kenya’s regulated approach matters-but gaps persist. Mobile money services can also lead to significant tax evasion when transaction flows remain opaque.
Operational Mobile Money AML Challenges in Kenya for Operators
Beyond regulatory text, mobile money operators face daily operational hurdles implementing effective AML/CFT controls at national scale. Significant investment is needed for monitoring suspicious activities in mobile money, and many operators still contend with legacy infrastructure.
KYC and onboarding challenges:
Reliance on national ID quality and databases, with gaps for refugees, undocumented persons, and communities without formal identification systems.
KYC guidelines require original identity verification for mobile money transactions, but verifying documents in remote areas is unreliable. CBK issued a circular in January 2024 warning about remote onboarding exploiting forged documents.
Ensuring accurate SIM registration and preventing multiple accounts under one identity unless risk-based transaction limits are enforced.
Managing tiered KYC-low-value wallets with simplified due diligence versus full KYC for higher limits-adds operational complexity. Know Your Customer (KYC) compliance is challenging in mobile money networks at this scale.
Transaction monitoring difficulties:
Distinguishing legitimate high-frequency low-value activity from structured laundering across millions of daily transactions.
Behavioural anomalies and typical rule-based system limitations generate excessive false positives and alert fatigue. Transaction monitoring helps detect suspicious transaction patterns in mobile money, but tuning thresholds for mobile-money-specific patterns requires specialized expertise.
Cross-channel monitoring gaps emerge when mobile money users move funds between wallets, bank accounts, and digital lenders. Incomplete customer due diligence hinders effective monitoring in mobile money when data is fragmented across systems.
Agent network risks:
Agent collusion, fake or inactive agents, and over-the-counter transactions that circumvent proper KYC. Mobile money services face challenges due to agent-based cash reliance at the last mile.
Regional hotspots where agents handle disproportionately large cash volumes and may support ML schemes. Vetting agents requires robust Know Your Business (KYB) processes.
Data and technology challenges:
Legacy systems, fragmented data sources, and limited real-time analytics constrain operators.
Difficulties integrating sanctions screening, PEP checks, and adverse media into mobile-first onboarding, especially for local naming conventions.
Balancing Financial Inclusion, Consumer Protection, and Financial Integrity
Kenya is often cited as an example of combining high financial inclusion with AML standards, but regulators must balance anti-money laundering policies with financial inclusion to avoid unintended consequences. Overly stringent controls can harm mobile financial services adoption in several ways:
Exclude low-income or rural users who lack formal IDs, driving financial exclusion.
Create friction for women, youth, and informal workers-including small business owners-who depend on mobile money as a safe and private means to transfer money and manage household finances.
Drive users back to cash or informal channels, hampering financial integrity by pushing transactions outside monitored financial systems.
Ghana implemented a 1.5% electronic levy on mobile transactions in 2022, and a 38% drop in mobile money transactions occurred in Tanzania after a new levy, demonstrating how poorly calibrated policies can undermine adoption. Regulators create tiered KYC requirements to promote financial inclusion in mobile money, enabling proportionate controls:
Tiered mobile wallet limits and transaction caps linked to KYC level.
Simplified due diligence for small-value, domestic mobile money transactions.
Enhanced due diligence and closer monitoring for cross-border or high-value use cases.
KYC procedures are essential for consumer protection in mobile money services, and consumer protection elements directly intersect AML objectives:
Transparent fees, dispute resolution, and fraud handling maintain user trust.
Requirements for clear communication in local languages via SMS/USSD about blocked accounts or suspicious activities.
Kenya’s design principles aim to balance AML obligations with inclusion goals: do no harm to financial access, align with FATF recommendations, protect vulnerable populations, and support economic development. The approach supports financial inclusion while addressing ml and ft risks through proportionality. For low income countries and middle income countries alike, Kenya’s framework offers a reference model-though population and resource constraints mean implementation remains uneven.
RegTech and Data-Driven Approaches to Strengthen Mobile Money AML in Kenya
Data analytics, AI, and RegTech offer practical ways to improve AML controls for Kenyan mobile money operators without undermining accessibility. Centralized transaction monitoring enables real-time oversight of activities across wallets, agents, and partner banks, reducing the fragmentation that criminals exploit.
Key technology capabilities relevant to the Kenyan context:
Real-time transaction monitoring tuned for mobile money patterns-P2P micro-payments, merchant QR usage, and agent cash-in/cash-out flows-using rolling windows rather than static thresholds to detect suspicious transaction patterns.
Advanced name screening against sanctions lists, PEP databases, and local watchlists, adapted to East African naming conventions where multiple or variable names are common.
Adverse media monitoring to identify higher-risk customers and agents beyond static lists, capturing emerging fraud rings reported in local press and social media.
Centralized data aggregation across wallets, agents, and partner banks reduces fragmentation and supports better reporting to FRC. Scalable cloud-native systems handle Kenya-level transaction volumes with low-latency alerts. Mobile money operators can use mobile money transaction data more effectively when it flows into a unified platform.
ZIGRAM’s “The Complete AML System” provides exactly this kind of integrated platform, combining name screening, transaction monitoring, entity risk assessment, and adverse media tools tailored for regulated financial institutions. Kenyan mobile money operators and partner banks can use this system to automate large parts of their AML workflows, detect suspicious transaction patterns with greater accuracy, and document compliance to CBK and FRC-all while supporting tiered KYC and risk-based controls aligned with local guidelines.
Case Examples and Emerging Typologies in the Kenyan Context
Anonymized and publicly documented cases illustrate how mobile money can be misused-and how AML controls respond. These examples draw from FRC typology guidance and industry research.
Case 1: SIM-based identity fraud and cross-agent laundering. A suspect used multiple identity cards obtained from relatives to register approximately 10 SIM cards. These were used to receive funds from abroad via mobile money, with withdrawals made through 41 different till numbers totalling KES 11.29 million. Transaction monitoring and agent risk scoring helped detect the pattern by flagging the unusual geographic spread and velocity of cash-outs across the agent network.
Case 2: PayBill/Till number shell activity. Small businesses with declared low revenue received incoming mobile money flows wildly inconsistent with their known business profiles. These PayBill numbers effectively served as channels for converting illicit proceeds, blending them with legitimate merchant activity. Red flags included transaction volumes exceeding declared turnover by orders of magnitude.
Case 3: Rapid receive-and-withdraw schemes. Accounts receiving many inflows via mobile money transfers withdrew nearly all funds within hours through agent cash-outs in different counties. These wallets showed no credible commercial purpose-classic indicators of layering, where mobile banking and agent networks combine to obscure the origin of funds.
Key red flags across these cases:
Mismatch between declared identity or business activity and observed transaction volumes
Use of multiple agents, SIMs, or wallets by linked individuals
Rapid velocity of fund movements with no economic rationale
Cross-channel flows between mobile wallets and formal bank accounts
The lesson is clear: mobile money operators must implement KYC guidelines to prevent fraud, invest in agent due diligence, and deploy device-level analytics alongside network analysis to detect these schemes. Replacing cash with digital flows creates an investigative trail-but only if monitoring systems are sophisticated enough to use it.
Policy and Supervisory Priorities for Kenya's Next Phase of Mobile Money Growth
Kenya has made significant progress, but future growth in mobile money-super-apps, embedded finance, QR-based mobile payments, digital credit-will intensify AML expectations. The private sector, regulators, and the broader financial inclusion centre of Kenya’s development agenda must evolve together. Mobile money operators must also address terrorist financing risks as cross-border interoperability expands.
Priority areas for policymakers:
Enhancing supervisory technology (SupTech) at CBK and FRC. CBK has already adopted a granular data integration system covering RTGS, PesaLink, and mobile money for real-time oversight.
Strengthening coordination between CBK, FRC, law enforcement, and CAK on SIM registration, data sharing, and joint investigations.
Updating mobile money regulations and guidance to address new products-QR payments, super-apps, digital credit, and cross-border corridors. Current guidance remains banking-focused. In 2022, Tanzania had 4.2 billion mobile money transactions, reinforcing that regional scale demands harmonized frameworks across the East African Community.
Improvements in reporting and feedback loops are equally important:
Clearer typology guidance for mobile money operators so compliance teams can detect suspicious transaction patterns more effectively.
Faster feedback from FRC on submitted STRs to help operators refine detection models. Without feedback, operators cannot calibrate credit risk models or assess whether their reporting quality meets expectations.
Public-private partnerships and industry forums-where operators, banks, and RegTech firms co-develop best practices-are essential. Kenya’s mobile money regulations can serve as a foundation, but innovation in financial crime prevention must keep pace with innovation in mobile devices and digital money transfers.
ZIGRAM is a RegTech provider focused on AML, financial crime compliance, and emerging risk management for regulated institutions-including banks, fintechs, and mobile money operators handling large-scale mobile banking operations.
ZIGRAM’s “Complete AML System” offers:
Integrated name and sanctions screening, including PEPs and local watchlists, designed to handle East African naming conventions accurately.
Mobile-money-ready transaction monitoring with configurable scenarios for structuring, agent anomalies, rapid cash-in/cash-out, and cross-border flows.
Entity risk assessment and due diligence reports for large agents, merchants, or corporate wallet holders.
Adverse media and news monitoring to continuously refresh risk profiles across mobile money platforms.
For Kenyan mobile money realities, the system handles very high transaction volumes with low latency, supports tiered KYC and risk-based controls aligned with CBK guidelines, and provides dashboards and audit trails that simplify regulatory reporting to CBK and FRC. ZIGRAM works with compliance teams to customise rules, deploy machine-learning models where appropriate, and integrate with existing mobile money core systems and agent management tools.
Nearly $1.7 trillion moved through mobile money accounts in 2023. At that scale, manual compliance is not an option. If you are responsible for AML at a Kenyan mobile money operator, bank, or fintech, book a demo to see how ZIGRAM’s Complete AML System fits your operational reality.
Conclusion
Kenya’s mobile money success story is extraordinary-over 80% adult penetration, financial inclusion nearly doubling in a decade, and trillions of shillings flowing through mobile wallets annually. But this success creates complex AML challenges: structuring, agent misconduct, identity fraud, and cross-product layering that can exploit any gap in oversight. Money laundering and terrorist financing risks are real, documented, and growing in sophistication.
Sustaining both economic growth and financial integrity requires proportionate, risk-based mobile money regulations paired with scalable RegTech. Systems like ZIGRAM’s Complete AML System give operators the tools to detect suspicious transaction patterns, manage agent risk, and meet evolving CBK and FRC expectations-without creating friction that pushes mobile money users back toward informal cash channels.
Kenya’s experience-balancing consumer protection, financial systems integrity, and inclusion for populations that lack formal bank accounts-offers a blueprint for other Sub-Saharan African nations navigating the same tensions. The operators, regulators, and technology partners who get this balance right will define the next chapter of mobile financial services across the continent.
